package com.dongpl.module.order.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Demo controller showing two ways of applying Apache Shiro authorization to
 * request handlers: a programmatic role check and declarative annotations.
 *
 * @author Administrator
 */
@Controller
@RequestMapping("order")
public class OrderController {

    /**
     * Handles {@code order/save} with a programmatic, role-based check.
     *
     * <p>The current {@link Subject} is asked whether it holds the {@code admin}
     * role, and the outcome is printed to standard output.
     *
     * @return a redirect to {@code /index}, for both the authorized and the denied case
     */
    @RequestMapping("save")
    public String save() {
        // Resolve the subject bound to the current request/thread.
        final Subject currentUser = SecurityUtils.getSubject();

        // Role check in code rather than via annotation.
        final String outcome = currentUser.hasRole("admin") ? "保存订单!" : "无权访问!";
        System.out.println(outcome);

        // NOTE(review): the denied case only prints a message; execution continues and the
        // caller receives the same redirect as an authorized user. Any real order-saving
        // logic added here must stay inside the authorized path, or the denied path must
        // return or throw before reaching it.
        System.out.println("进入save方法============");
        return "redirect:/index";
    }

    /**
     * Handles {@code order/update} with declarative authorization.
     *
     * <p>{@code @RequiresRoles} lists {@code admin} and {@code user}; with the
     * annotation's default logical operator the subject must hold both roles.
     * {@code @RequiresPermissions} additionally demands the permission string
     * {@code user:update:01}.
     *
     * <p>NOTE(review): these annotations are only enforced when Shiro's annotation
     * (AOP) support is enabled for this controller. That configuration is not
     * visible in this file, so confirm it; without it the handler is reachable
     * with no check at all.
     *
     * @return a redirect to the registration page ({@code /register})
     */
    @RequiresRoles({"admin", "user"})
    @RequiresPermissions("user:update:01")
    @RequestMapping("update")
    public String update() {
        System.out.println("进入update方法============");
        return "redirect:/register";
    }

}
